Amendment and Response 

Applicant: Francisco Corella 
Serial No.: 09/483,185 
Filed: January 14, 2000 
Docket No.: 10991054-1 

Title: AUTHORIZATION INFRASTRUCTURE BASED ON PUBLIC KEY CRYPTOGRAPHY 

IN THE CLAIMS 

Please cancel claims 2, 5, 14, and 17 without prejudice. 
Please amend claims 1, 3, 4, 13, 15, and 16 as follows: 

1. (Currently Amended) A public key authorization infrastructure comprising: 
a client program accessible by a user; 

an application program; 

a certificate authority issuing a long-term public key identity certificate (long-term 
certificate) that binds a public key of the user to long-term identification information related 
to the user; 

a directory for storing short-term authorization information related to the user; and 
a credentials server for issuing a short-term public key credential certificate (short-term 
certificate) to the client, the short-term certificate binds the public key of the user to the 
long-term identification information related to the user from the long-term certificate and to 
the short-term authorization information related to the user from the directory, wherein the 
short-term certificate includes an expiration date/time and is not subject to revocation, 
wherein the client program presents the short-term certificate to the application program for 
authorization and demonstrates that the user has knowledge of a private key corresponding to 
the public key in the short-term certificate. 

2. (Cancelled) 

3. (Currently Amended) The public key authorization infrastructure of claim 1 wherein 
a validity period from when the credentials server issues the short-term certificate to the 
expiration date/time is sufficiently short such that the short-term certificate does not need to 
be subject to revocation. 

4. (Currently Amended) The public key authorization infrastructure of claim 1 further 
comprising: 

a certificate revocation list (CRL), wherein the expiration date/time of the short-term 
certificate is no later than a date/time at which a next CRL is scheduled. 
5. (Cancelled) 

6. (Original) The public key authorization infrastructure of claim 1 wherein the short-term 
certificate is a non-structured short-term certificate. 

7. (Previously presented) The public key authorization infrastructure of claim 1 further 
comprising: 

a second application program; and 

wherein the short-term certificate is a structured short-term certificate including: 

a first folder corresponding to the first named application program and containing 
long-term information and short-term information as required by the first named 
application program; 

a second folder corresponding to the second application program and containing 
long-term information and short-term information as required by the second 
application; and 

wherein the first folder is open and the second folder is closed when the client 
presents the short-term certificate to the first named application program for 
authorization, wherein closing the second folder makes its contents not readable by 
the first named application program. 

8. (Original) The public key authorization infrastructure of claim 1 wherein the short-term 
certificate is an X.509v3 certificate. 

9. (Original) The public key authorization infrastructure of claim 7 wherein the first 
folder and the second folder are implemented as extension fields of an X.509v3 certificate. 

10. (Original) The public key authorization infrastructure of claim 1 wherein the 
directory further stores the issued long-term certificate. 

11. (Original) The public key authorization infrastructure of claim 1 wherein the private 
key is stored in a smartcard accessible by the client program. 

12. (Original) The public key authorization infrastructure of claim 1 wherein the private 
key is stored in a secure software wallet accessible by the client program. 

13. (Currently Amended) A method of authorizing a user, the method comprising the 
steps of: 

issuing a long-term public key identity certificate (long-term certificate) that binds a 
public key of the user to long-term identification information related to the user; 
storing short-term authorization information related to the user; 

issuing a short-term public key credential certificate (short-term certificate) that binds 
the public key of the user to the long-term identification information related to the user 
contained in the long-term certificate and to the short-term authorization information related 
to the user, wherein the short-term certificate includes an expiration date/time and is not 
subject to revocation; and 

presenting the short-term certificate on behalf of the user to an application program 
for authorization and demonstrating that the user has knowledge of a private key 
corresponding to the public key in the short-term certificate. 

14. (Cancelled) 

15. (Currently Amended) The method of claim 13 wherein a validity period from 
when the short-term certificate is issued to the expiration date/time is sufficiently short such 
that the short-term certificate does not need to be subject to revocation. 

16. (Currently Amended) The method of claim 13 further comprising the step of: 
maintaining a certificate revocation list (CRL), wherein the expiration date/time of the 
short-term certificate is no later than a time at which the next CRL is scheduled. 
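As an added illustration of the method of claims 13 through 16, and not part of the applicant's claims or specification, the following Python models a credentials server that issues a short-term certificate binding the user's public key and long-term identity to directory-held authorization data, caps its expiration at the next scheduled CRL, and a relying party that accepts it without a revocation lookup only under that condition. The field names, the eight-hour maximum validity and the HMAC stand-in for the server's signature are assumptions of this example.

```python
import hashlib, hmac, json
from dataclasses import dataclass, asdict
from datetime import datetime, timedelta, timezone

# Constructed stand-in for the credentials server's signing key (a real
# deployment signs the X.509v3 certificate with the server's private key).
CREDENTIALS_SERVER_KEY = b"constructed-demo-key"

@dataclass(frozen=True)
class ShortTermCertificate:
    public_key: str       # user's public key, copied from the long-term certificate
    identity: dict        # long-term identification information (long-term certificate)
    authorization: dict   # short-term authorization information (directory)
    not_after: str        # expiration date/time, ISO 8601 UTC
    signature: str

def _digest(fields: dict) -> str:
    return hmac.new(CREDENTIALS_SERVER_KEY, json.dumps(fields, sort_keys=True).encode(),
                    hashlib.sha256).hexdigest()

def issue_short_term_certificate(long_term_cert: dict, directory_entry: dict, now: datetime,
                                 next_crl: datetime, max_validity=timedelta(hours=8)):
    # Expiration is the earlier of now + max_validity and the next scheduled CRL,
    # so the certificate never outlives the revocation data that would cover it.
    not_after = min(now + max_validity, next_crl)
    fields = {"public_key": long_term_cert["public_key"], "identity": long_term_cert["identity"],
              "authorization": directory_entry["authorization"], "not_after": not_after.isoformat()}
    return ShortTermCertificate(**fields, signature=_digest(fields))

def accept_without_revocation_check(cert: ShortTermCertificate, now: datetime,
                                    next_crl: datetime) -> bool:
    # Relying party: signature intact, unexpired, and expiry not past the next CRL.
    # Only when all three hold may the revocation lookup be skipped.
    fields = {k: v for k, v in asdict(cert).items() if k != "signature"}
    if not hmac.compare_digest(cert.signature, _digest(fields)):
        return False
    return now < datetime.fromisoformat(cert.not_after) <= next_crl

def demo() -> dict:
    # Constructed scenario: issued 09:00 UTC, next CRL scheduled 13:00 UTC.
    now = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
    next_crl = now + timedelta(hours=4)
    long_term = {"public_key": "pk-user-1", "identity": {"cn": "example user"}}
    cert = issue_short_term_certificate(long_term, {"authorization": {"role": "operator"}}, now, next_crl)
    tampered = ShortTermCertificate(**{**asdict(cert), "authorization": {"role": "admin"}})
    return {"capped_at_crl": cert.not_after == next_crl.isoformat(),
            "accepted_10_00": accept_without_revocation_check(cert, now + timedelta(hours=1), next_crl),
            "rejected_13_01": not accept_without_revocation_check(cert, next_crl + timedelta(minutes=1), next_crl),
            "rejected_tampered": not accept_without_revocation_check(tampered, now, next_crl)}
```

The proof of possession of the private key (the "demonstrating" step of claim 13) is a separate challenge-response exchange between client and application and is not modelled here.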

17. (Cancelled) 
18. (Original) The method of claim 13 wherein the short-term certificate is a non-structured 
short-term certificate. 

19. (Previously presented) The method of claim 13 wherein the short-term certificate is a 
structured short-term certificate including a first folder corresponding to the first named 
application program and containing long-term information and short-term information as 
required by the first named application program, and including a second folder corresponding 
to a second application program and containing long-term information and short-term 
information as required by the second application, wherein the method further comprises: 

closing the second folder and leaving the first folder open prior to the 
presenting step if the presenting step presents the short-term certificate to the first 
named application program for authorization, wherein closing the second folder 
makes its contents not readable by the first named application program. 

20. (Original) The method of claim 13 wherein the short-term certificate is an X.509v3 
certificate. 

21. (Original) The method of claim 19 wherein the first folder and the second folder are 
implemented as extension fields of an X.509v3 certificate. 

22. (Original) The method of claim 13 wherein the method further comprises the step of: 
storing the issued long-term certificate in a directory. 

23. (Original) The method of claim 13 further comprising the step of: 
storing the private key in a smartcard. 

24. (Original) The method of claim 13 further comprising the step of: 
storing the private key in a secure software wallet. 